The EOS blockchain network went live on June 14, raising hopes that a powerful challenger to the long-established Ethereum platform had arrived. But the EOS network already has plenty of critics who are pointing out critical security flaws.
Block.one, the Cayman Islands-based company that built the EOS software, did not respond to a request for comment from ThirtyK, but it’s no secret that its goal is to expand its platform and take market share from Ethereum.
EOS is expected to be able to process transactions much faster than its established rival, and Block.one certainly has no shortage of capital to deploy after a yearlong initial coin offering for its (EOS) tokens. Still, there are those who believe Ethereum’s entrenched position as the first mover in the space gives it a powerful advantage.
Even with the enthusiasm surrounding EOS, some technology experts say the platform already has significant security flaws.
After the EOS blockchain experienced a freeze over the weekend, Cornell University computer science professor Emin Gün Sirer said Monday, “I’m calling it: there will be a massive exchange hack within the next year, taking advantage of an EOS vulnerability. The exchange will lose its hot wallet. Hackers will send the proceeds to downstream exchanges, where they will trade into other coins.”
Yo Sub Kwon, the founder and CEO of Hosho, a blockchain security firm, tells ThirtyK the EOS team’s response to security problems before the blockchain was officially launched is a cause for concern.
“A couple of weeks before their launch, a major security issue was discovered and the response, in addition to fixing it, was to announce a bug bounty program. Significant issues were discovered through this bug bounty campaign,” he says.
But the EOS team didn’t let the bug bounty, which rewards individuals for reporting software bugs, run for long enough, Kwon says. It was stopped once there was no longer a steady flow of incoming problems.
“The fact that the network wasn’t even live for two days before suffering another critical issue further proves how immature the software is and how much more testing should have been done before launch, which felt sloppy and rushed,” he says, referring to the weekend platform freeze.
It is highly likely security issues will linger, Kwon predicts.
“Issues were being discovered right up until the Mainnet’s launch, and are likely still being discovered,” Kwon says, referring to the launch of the EOS blockchain. “If malicious attackers believe they can manipulate the network for their own financial gain, then it will be attacked.”
To protect against future security issues and bugs, EOS should continue the bug bounty and increase the amount of the rewards to encourage more white hats – people who hack into a computer network in order to test or evaluate its security systems – to examine the network and codebase, Kwon argues.
“Also, they should perform comprehensive security audits from capable firms in the space to seek out other security issues,” he says of Block.one. “They need to have experts analyze the technology and locate as many security issues as possible before they are discovered and exploited by malicious hackers or triggered accidentally by unsuspecting users.”